1/5 
BODENetal. 
END920010095US1 WES 




2/5 

END920010095US1 



32- 



-C2 



34- 



C2 CI 



F/G. 2 



3/5 

END920010095US1 




4/5 

END920010095US1 



10 °\ ANY RULES ON THIS ! PHYSICAL INTERFACE? — 102 

> y/ n\ 

204 — is dg PROTOCOL IPSEC? (IP, ETC, AS USUAL) —106 

I'' n\ 

240—DO IPSEC, ETC. IMPLICIT IKE HANDLING? — 108 

/ \ ; y\ 

ok/ \noSA n| ike packet? — no 



/ 142- 

144 — MATCH POLICY? IS DEST LOCAL? PRE-IPSEC FILTER ' (a) 

FILTER PERM IT? - 



/ \ n V \n r r tn ™ ! ^-232 
/ \ DISCARD \ y i \ fn/a 
; \ 146 S \134^\ 
! DISCARD PERMIT MATCH POLICY 
1 248-^ ! FOR PHYSICAL IFC? ^ 

150 "^ ! ! norn/a/ y\ 

IKE PACKET? 152 MASQ NAT RULES? ' DISCARD — 138 

J \n 200 — y/ \ 

! PERMIT DO NAT \" 

| ^-254 ! 

DO IKE SETUP ^ STATIC NAT RULES? 262 

! \ n/ \y 

PERMIT —258 \ / doW 164 

(a) FILTERS RULES? H2 

V \ n 

114 — DO FILTERING PERMIT H6 

(EXPLICIT RULES) 

PERMIT DISCARD 'IMPLICIT IKE HANDLING? — — i22 

118 S 120^ n / \y 

124 DEFAULT DENY IKE PACKET? 126 

"/ \y 

128 — DEFAULT DENY PERMIT- — 150 



FIG. 4 



5/5 

END920010095US1 



200 



\ 



ANY RULES ON THIS PHYSICAL INTERFACE? — 204 

y/ n\ 

208 — FILTER RULES EXIST? IP, AS USUAL — 206 



n / 



V 

IKE PACKET? — 210 



IMPLICIT IKE HANDLING? —222 

■/ i\ 

22G — DO FILTERING FOR NESTED CONNECTION? 22 

/ i \ y/ n\ 



DISCARD PERMIT DO IPSEC 

/ / ! (ah, esp, ipcomp) 
t 228 230 \ \ \ 

STATIC NAT?— 212\ 

y/ n 



214 — DO STATIC NAT 



/ MASQUERADE NAT? 



( DO MASQ NAT 

\ / : 

\218 \ 

(--> IP, AS USUAL - 

I 

220 



216 



232 



FIG. 5 



